
TripleO Network Isolation in Virtual Environment (VLAN)

I have been testing TripleO deployments, trying out the templates for network isolation. The virtual environment’s setup is quite simple: I just followed the official OpenStack TripleO documentation and deployment documentation.

For network isolation testing I followed this link, and also got some hints from here. The basic idea of this network isolation setup is that every service uses its own VLAN (storage, external network, tenant and so on…).

Following the documentation, we are going to use the undercloud as a gateway. The vlan10 interface is created and tagged “10”, as you can see from the ovs-vsctl output:

I have created a subnet for the internal VM traffic (192.168.168.0/24) and the external network 10.0.0.0/24.
I created a router with gateway 10.0.0.234 and another port on the 192.168.168.0/24 network. This should result in something like this:

Afterwards I made sure that the security policies allow SSH, ICMP and DNS.

When I tried to ping 10.0.0.1 from the router’s namespace I got no reply:

I created the external network in neutron but didn’t configure it properly.
Instead of the “default” way I was creating the router (neutron net-create ext_net --router:external), I had to explicitly configure it as VLAN and add the physical_network name and the tag. The physical_network name can be found in /etc/neutron/plugins/ml2/ml2_conf.ini on the network node/controller:
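The following sketch is an added example, not part of the original post: it reads the physical_network names from an ML2 config and only prints the net-create command if the chosen name is defined there and the tag is a valid 802.1Q ID, so the external network does not end up untagged or on the wrong segment. The sample config and the name `physnet_example` are constructed placeholders; tag 10 is the vlan10 tag from above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# List the physical_network names found in network_vlan_ranges
# under [ml2_type_vlan] of the given ml2_conf.ini.
physnets() {
    awk -F= '
        /^[ \t]*\[/ { in_sec = ($0 ~ /\[ml2_type_vlan\]/) }
        in_sec && $1 ~ /^[ \t]*network_vlan_ranges[ \t]*$/ {
            gsub(/[ \t]/, "", $2)
            n = split($2, entries, ",")
            for (i = 1; i <= n; i++) {
                split(entries[i], parts, ":")   # name[:min:max]
                if (parts[1] != "") print parts[1]
            }
        }' "$1"
}

# Print the net-create command for a VLAN external network. Refuses a
# physical_network the ML2 config does not define, or an invalid tag.
ext_net_cmd() {
    local conf=$1 physnet=$2 tag=$3
    case $tag in ''|*[!0-9]*) echo "tag must be numeric" >&2; return 2 ;; esac
    if [ "$tag" -lt 1 ] || [ "$tag" -gt 4094 ]; then
        echo "tag $tag outside 1-4094" >&2; return 2
    fi
    if ! physnets "$conf" | grep -qxF -- "$physnet"; then
        echo "physical_network '$physnet' not in network_vlan_ranges" >&2; return 3
    fi
    printf 'neutron net-create ext_net --router:external --provider:network_type vlan --provider:physical_network %s --provider:segmentation_id %s\n' \
        "$physnet" "$tag"
}

# Constructed sample config; physnet_example is a placeholder name.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[ml2]
type_drivers = vlan,vxlan
[ml2_type_vlan]
network_vlan_ranges = physnet_example:1:1000
[ml2_type_vxlan]
vni_ranges = 1:1000
EOF

ext_net_cmd "$SAMPLE_CONF" physnet_example 10
```

On a real controller, pass /etc/neutron/plugins/ml2/ml2_conf.ini instead of the sample file and review the printed command before running it.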